A now-patched vital safety flaw impacting Google Cloud Platform (GCP) Composer might have been exploited to realize distant code execution on cloud servers via a provide chain assault approach referred to as dependency confusion.
The vulnerability has been codenamed CloudImposer by Tenable Analysis.
“The vulnerability could have allowed an attacker to hijack an internal software dependency that Google pre-installs on each Google Cloud Composer pipeline-orchestration tool,” safety researcher Liv Matan stated in a report shared with The Hacker Information.
Dependency confusion (aka substitution assault), which was first documented by safety researcher Alex Birsan in February 2021, refers to a kind of software program provide chain compromise during which a bundle supervisor is tricked into pulling a malicious bundle from a public repository as a substitute of the supposed file of the identical identify from an inside repository.
So, a menace actor might stage a large-scale provide chain assault by publishing a counterfeit bundle to a public bundle repository with the identical identify as a bundle internally developed by firms and with the next model quantity.
This, in flip, causes the bundle supervisor to unknowingly obtain the malicious bundle from the general public repository as a substitute of the non-public repository, successfully changing the prevailing bundle dependency with its rogue counterpart.
The issue recognized by Tenable is comparable in that it could possibly be abused to add a malicious bundle to the Python Bundle Index (PyPI) repository with the identify “google-cloud-datacatalog-lineage-producer-client,” which might then be preinstalled on all Composer situations with elevated permissions.
Whereas Cloud Composer requires that the bundle in query is version-pinned (i.e., model 0.1.0), Tenable discovered that utilizing the “–extra-index-url” argument throughout a “pip install” command prioritizes fetching the bundle from the general public registry, thereby opening the door to dependency confusion.
Armed with this privilege, attackers might execute code, exfiltrate service account credentials, and transfer laterally within the sufferer’s surroundings to different GCP companies.
Following accountable disclosure on January 18, 2024, it was fastened by Google in Might 2024 by guaranteeing that the bundle is barely put in from a personal repository. It has additionally added the additional precaution of verifying the bundle’s checksum with a view to affirm its integrity and validate that it has not been tampered with.
The Python Packaging Authority (PyPA) is claimed to have been conscious of the dangers posed by the “–extra-index-url” argument since a minimum of March 2018, urging customers to skip utilizing PyPI in instances the place the inner bundle must be pulled.
“Packages are expected to be unique up to name and version, so two wheels with the same package name and version are treated as indistinguishable by pip,” a PyPA member famous on the time. “This is a deliberate feature of the package metadata, and not likely to change.”
Google, as a part of its repair, now additionally recommends that builders use the “–index-url” argument as a substitute of the “–extra-index-url” argument and that GCP clients make use of an Artifact Registry digital repository when requiring a number of repositories.
“The ‘–index-url’ argument reduces the risk of dependency confusion attacks by only searching for packages in the registry that was defined as a given value for that argument,” Matan stated.
